On Monday 03 February 2003 00:39, Togan Muftuoglu wrote:
SuSEfirewall2 will drop requests coming to the External address which have private addresses; this is antispoofing. The only way you can change this is adding your rules in the custom script "fw_custom_before_antispoofing"
iptables -A INPUT -i internal_int -s internal_net/mask -d external_int -j ACCEPT
you can add port numbers also so you will be limiting the behavior of this permission
I ended up adding the following lines to the "/etc/sysconfig/scripts/SuSEfirewall2-custom" file:

    iptables -A INPUT -i eth1 -s 192.168.1.0/24 -d real_server_ip \
        -p tcp -m multiport --dports \
        ssh,smtp,domain,http,ntp,https,imaps,pop3s,8080 -j ACCEPT
    iptables -A INPUT -i eth1 -s 192.168.1.0/24 -d real_server_ip \
        -p udp -m multiport --dports ntp,domain -j ACCEPT

I believe that this will allow only access to TCP ports ssh,smtp,domain,http,ntp,https,imaps,pop3s,8080 and UDP ports ntp,domain from the internal network, 192.168.1.0/24 to the external IP.

Does this make sense to you?

Thanks a lot! Seems to be working fine!

--
Marc Christensen
http://www.mecworks.com
http://www.mecworks.com/~marc/resume
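
iptables evaluates a chain top to bottom and the first terminating match wins, so the ACCEPT rules above only take effect if they sit ahead of the antispoofing drop in INPUT. The following is an added example, not part of the original thread or of SuSEfirewall2: a hypothetical `rule_order` helper that checks that ordering in an `iptables -S INPUT` style listing. The listings, the address 203.0.113.10 (standing in for real_server_ip) and the shape of the DROP rule are constructed.

```shell
#!/bin/sh
# rule_order SRC_NET DST_IP   (rule listing in `iptables -S INPUT` form on stdin)
# Prints accept-first, drop-first, no-accept or no-drop for that source/destination.
rule_order() {
    awk -v src="$1" -v dst="$2" '
        # Value that follows option `opt` in the current rule, or "" if absent.
        function optval(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "INPUT" {
            n++                                  # position of the rule in the chain
            s = optval("-s"); d = optval("-d"); sub(/\/32$/, "", d)
            if (s != src || d != dst) next       # rule is about other traffic
            t = optval("-j")
            if (t == "ACCEPT" && !acc) acc = n
            if ((t == "DROP" || t == "REJECT") && !drp) drp = n
        }
        END {
            if (!acc) print "no-accept"
            else if (!drp) print "no-drop"
            else print (acc < drp ? "accept-first" : "drop-first")
        }'
}

# Constructed listings. The DROP line is a simplified stand-in for an
# antispoofing rule, not actual SuSEfirewall2 output.
GOOD='-A INPUT -i eth1 -s 192.168.1.0/24 -d 203.0.113.10/32 -p tcp -m multiport --dports 22,25,53,80,443 -j ACCEPT
-A INPUT -i eth1 -s 192.168.1.0/24 -d 203.0.113.10/32 -p udp -m multiport --dports 123,53 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 203.0.113.10/32 -j DROP'
BAD='-A INPUT -s 192.168.1.0/24 -d 203.0.113.10/32 -j DROP
-A INPUT -i eth1 -s 192.168.1.0/24 -d 203.0.113.10/32 -p tcp -m multiport --dports 22,25,53,80,443 -j ACCEPT'

check() { printf '%s\n' "$1" | rule_order 192.168.1.0/24 203.0.113.10; }
check "$GOOD"   # accept-first: the custom rules are reached before the drop
check "$BAD"    # drop-first: the ACCEPT rule is never reached
```

On a live system the listing would come from `iptables -S INPUT`, with the arguments set to the internal network and the real external address.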